RealTime IT News

Send Me A E-Sign

"A signature always reveals a man's character - and sometimes even his name." -- Evan Esar

A digital signature is an electronic, rather than a written scribble that can be used to authenticate the identity of the sender.

It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. Digital signatures are easily transportable, cannot be readily repudiated or imitated, and can be automatically time-stamped.

Pretty simply stuff really. All the same it's safe to assume that when the Electronic Signatures in Global and National Commerce Act (E-Sign Act) goes into effect on Oct. 1, the law that grants e-mail the same legal leverage as a signed contract is sure to be tested in court.

A digital signature can be used with any kind of message, whether it is encrypted or not.

For example, let's say I send a final draft of my will to an attorney. I need to assure my lawyer that the document is unedited and verify that the will really is from me. All I have to do is cut-and-paste the document into an e-mail.

Using special software, I can translate my e-mail message into a mathematical summary of the document. The translation process is commonly known as hashing. I pickup a private key from a public authority to encrypt the hash. This is a one of a kind key, so the encryption transforms my common e-mail into my one-and-only digital signature.

At the other end of the e-mail message, my lawyer receives the document. To make sure it's intact and from me, my attorney makes a hash of the received message and uses my now public key to decrypt the hash and decipher the will. My attorney knows that the received message is valid and from me, only if the hashes match.

If you prefer tech speak, digital signatures are created and verified by cryptography, the branch of applied mathematics that concerns itself with transforming messages into seemingly unintelligible forms and back again. By using public key cryptography, digital signatures employ an algorithm using two different but mathematically related "keys." One key creates a digital signature by transforming data into a seemingly unintelligible form, and second key for verifies the digital signature by returning the message to its original form. Computer equipment and software utilizing two such keys are called an "asymmetric cryptosystem."

Anyway you talk about it, digital signatures and the issues surrounding the technology about to explode. Analysts are predicting great things for digital signatures forecasting that the financial and realty markets will be early adopters of authenticated e-mails.

Townsend Analytics anticipates that the traditional system of "open-outcry" trading in the U.S. could soon become obsolete, replaced by a fully electronic trading system that eliminates old inefficiencies. Forbes published a recent article that describes how we will be able to purchase a new house, with the click of a mouse.

The question that remains is whether the online public will trust an online system to deliver sensitive information over the Net.

The World Wide Web Consortium is one group that attempts to clearly define user benefits of the E-Sign Act by creating interoperable solutions to conquer Internet trust concerns.

W3C's mission in life is to develop interoperable technologies that help the Web reach its full potential. The organization believes it's critical that end users to be able to decide what e-mail content they can trust and more importantly, authenticate.

W3C contends that both needs are addressed by attaching hashing digital signatures into online documents. However, e-commerce security lapses and blunders have taken a toll on the industry and many users may require additional information for an e-mail to earn their trust.

In terms of e-comme